Idaho State Websites Hack Part of Much Broader, Continuing 'Mischief' Attack

Government sites in Washington, Maryland, Ohio, California and New York have also had their home pages hijacked. The defacements began over the weekend and new ones were still being reported Tuesday afternoon.

by Bill Dentzer, The Idaho Statesman / June 28, 2017

(TNS) -- The weekend hacking of Idaho state treasurer websites was part of a much broader — and apparently continuing — “mischief” attack that probed websites for security holes to deface pages.

But the intruders who attacked the sites in Idaho and elsewhere did not otherwise compromise site security, and did not get access to databases with user information.

Nor would visitors to the four affected treasurer sites actually have seen the hacked pages unless they called them up by exact name. Those pages, intended to replace each site’s home page, were uploaded via a security exploit, but other security settings prevented users from being automatically redirected to them, the office said Tuesday.

The group known as Team System Dz hijacks webpages to post pro-Islamic State messages. It publicized its most recent successful hacks on a Facebook page, until the page was taken down Tuesday afternoon, and on a site that tracks website defacements.

Besides Idaho, government sites in Washington, Maryland, Ohio, California and New York have had their home pages hijacked. The defacements began over the weekend and new ones were still being reported Tuesday afternoon.

“It looks like it was a distributed attack. It wasn’t focused on one specific entity,” said Lance Wyatt, the state’s chief information security officer. The exploit used by the hackers “wasn’t specific to a weakness as it was to particular technology that is being used.”

Wyatt said threat intelligence services coordinated through the U.S. Department of Homeland Security notified the state Sunday of the hacker activity. That information was relayed to information technology personnel at the Treasurer’s Office, who removed the intruder pages Monday. One security patch has been applied and another is pending.

“This was considered a web defacement, which in itself is low-risk,” Wyatt said, describing it as the “digital equivalent of graffiti.”